
Re: In response to Housley-mass-sec-review

2005-03-08 05:35:51


On Mar 8, 2005, at 12:56 AM, Jim Fenton wrote:
> This depends on all authoritative DNS servers being tightly coupled to the revocation infrastructure, and I'm not sure how practical that is for everyone. Some mail domains probably don't run their own name servers; they may do this through their registrar. And every "hammering" is one that got away (notwithstanding your next comment):

Arguments about the administrative proximity of DNS and email have been made ever since the idea of DNS-based sender authentication started. If an organization has this little control over their own zones, then DK/IIM have more basic problems, as in how will they get the key in the zone in the first place, much less manage key roll-over. In fact, this will be an issue for some domain holders, but we will probably never know just how slight or serious this problem really is.

> If this is the case, how long must the revocation records be retained? It must be much longer than has been discussed for keys (a week or so to allow delivery of queued messages).

I don't understand this. Why would it be any longer than the signing key?

> I'm not saying revocation indicators are bad -- I'm still trying to decide what I think. But I'm concerned they're being oversold a bit.

Something that actually prevented the replay attack would be best, but we don't seem to have one. My own opinion is that revocation IDs are good enough. Of course, we could turn Doug's idea on its head and do validation IDs requiring the presence of A records for all valid messages, but I would guess this would really be an administrative challenge.

-andy

